FRR and BGP or OSFP - can't get Route Maps to select more than 1 prefix list

[nzkiwi68]

22.1.7_1
FRR version 7.5.1

I can get OSFP to talk to the neighbor or BGP just fine.
The issue is pruning routes.

What I want to do prune the routes sent via OSFP or BGP from site A to site B and back from site B to site A.
But, I need to send a series of routes.

Route Maps using multiple prefix lists seem to be the logical way to do this, but, as soon as I try and save a Route Map with more than 1 Prefix List it will not save stating:
"Related item not found"

What am I doing wrong?

How does anyone else prune OSPF or BGP routing between sites?

[nzkiwi68]

Code Select Expand

Building configuration...

Current configuration:
!
frr version 7.5.1
frr defaults traditional
hostname ONAfw1.localdomain
log syslog notifications
!
router bgp 65521
no bgp ebgp-requires-policy
bgp graceful-restart
neighbor 172.27.4.2 remote-as 65524
neighbor 172.27.4.2 bfd
neighbor 172.27.4.2 update-source ipsec2
!
address-family ipv4 unicast
  redistribute kernel
  redistribute connected
  redistribute static
  neighbor 172.27.4.2 next-hop-self
exit-address-family
!
address-family ipv6 unicast
  redistribute kernel
  redistribute connected
  redistribute static
exit-address-family
!
ip prefix-list sitea-net1 seq 10 permit 192.168.1.0/24
ip prefix-list sitea-net2 seq 20 permit 10.1.55.0/24
!
route-map routemap-out permit 10
match ip address prefix-list sitea-net1
!
line vty
!
bfd
peer 172.27.4.2
!
peer 172.227.4.2
!
!
end

[Patrick M. Hausen]

I have not worked with FRR and dynamic routing on OPNsense, yet. That being said I have run an ISP backbone literally for decades, so there's one thing I can tell you about OSPF. Hopefully it helps.

You cannot prune, aggregate or otherwise manipulate routes within a single OSPF area. You can only do that on area border routers or AS border routers. All routers in a single area must have the full link state database so they end up with the same routing table after running Dijkstra individually. This is a fundamental OSPF design principle.

What you can do (at least with the Cisco gear I am most familiar with) is to make your OSPF AS/area as small as possible containing only the links between all your participating routers. And then redistribute all other prefixes via "redistribute static subnets" and "redistribute connected subnets" (Cisco syntax) as external LSAs into your IGP.
If you go that way you can filter what you redistribute at the router that injects the static/connected subnets with a route map.

[lilsense]

you may want to ask FRR community...

https://frrouting.org/community/

[mimugmail]

The correct way is to add multiple prefix lists with the same names but different priorities :)

[blueart]

Code Select Expand

Building configuration...

Current configuration:
!
frr version 7.5.1
frr defaults traditional
hostname ONAfw1.localdomain
log syslog notifications
!
router bgp 65521
no bgp ebgp-requires-policy
bgp graceful-restart
neighbor 172.27.4.2 remote-as 65524
neighbor 172.27.4.2 bfd
neighbor 172.27.4.2 update-source ipsec2
!
address-family ipv4 unicast
  redistribute kernel
  redistribute connected
  redistribute static
  neighbor 172.27.4.2 next-hop-self
exit-address-family
!
address-family ipv6 unicast
  redistribute kernel
  redistribute connected
  redistribute static
exit-address-family
!
ip prefix-list sitea-net1 seq 10 permit 192.168.1.0/24
ip prefix-list sitea-net2 seq 20 permit 10.1.55.0/24
!
route-map routemap-out permit 10
match ip address prefix-list sitea-net1
!
line vty
!
bfd
peer 172.27.4.2
!
peer 172.227.4.2
!
!
end

You did create a route map, but did not assign it to any peer/neighbor in or outbound, so right now it is not applied.

[nzkiwi68]

The correct way is to add multiple prefix lists with the same names but different priorities :)

Thanks!

That fixed it. No need for a routemap at all, just make multiple prefix lists with the same name, use that prefix list name as a prefix list out for the BGP neighbor.

Then, I actually use a routemap to set the local-preference to prefer WAN1 vs WAN2